Tetrate Service Bridge, Version: 1.5.x

JWT Identity

JwtIdentity represents a JWT identity of a workload.

E.g.,

  • JWT identity of a workload:

    issuer: https://mycompany.corp
    subject: us-east-datacenter1-vm007
    attributes:
      region: us-east
      datacenter: datacenter1
      instance_name: vm007
      instance_hostname: vm007.internal.corp
      instance_role: app-ratings

JwtIdentity

JwtIdentity represents a JWT identity of a workload.

Field | Description | Validation Rule

issuer

string
REQUIRED
JWT Issuer identifier.

The value must be a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.

E.g., https://mycompany.corp, https://accounts.google.com, https://sts.windows.net/9edbd6c9-0e5b-4cfd-afec-fdde27cdd928/, etc.

See https://openid.net/specs/openid-connect-core-1_0.html#IDToken

string = {
  prefix: https://
  uri: true
}

subject

string
REQUIRED
Workload identifier (JWT subject).

A locally unique identifier within the Issuer.

Preferably, the value should consist of lower case alphanumeric characters and '-', and should start and end with an alphanumeric character.

Otherwise, if the value includes ASCII characters other than lower case alphanumeric characters and '-', it will be encoded in a special way and will appear in that encoded form in metrics, in diagnostics, and in the UI. It might become non-trivial to infer the original workload identifier from the encoded form.

A value that includes non-ASCII characters is not valid.

E.g., us-east-datacenter1-vm007.

See https://openid.net/specs/openid-connect-core-1_0.html#IDToken

string = {
  pattern: ^[\x00-\x7F]+$
}

attributes

map<string, string>
Additional attributes associated with the workload.

The value is a map with free-form keys and values.

E.g.,

region: us-east
datacenter: datacenter1
instance_name: vm007
instance_hostname: vm007.internal.corp
instance_role: app-ratings

map = {
  keys: {string:{min_len:1}}
  values: {string:{min_len:1}}
}
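The rules above can be checked before an identity is submitted. The following is an added example, not Tetrate's own validator: `check_jwt_identity`, `PREFERRED_SUBJECT` and `EXAMPLE` are hypothetical names, and the identity is assumed to be a plain dict shaped like the example at the top of this page. It separates hard failures (rejected values) from the softer case of a subject that is valid but not in the preferred form.

```python
import re
from urllib.parse import urlsplit

# Preferred subject form: lower-case alphanumerics and '-', alphanumeric at both ends.
PREFERRED_SUBJECT = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?")

# Identity values taken from the example on this page (attributes shortened).
EXAMPLE = {
    "issuer": "https://mycompany.corp",
    "subject": "us-east-datacenter1-vm007",
    "attributes": {"region": "us-east", "instance_role": "app-ratings"},
}


def check_jwt_identity(identity):
    """Return (errors, warnings) for a JwtIdentity-shaped dict (hypothetical helper)."""
    errors, warnings = [], []

    issuer = identity.get("issuer") or ""
    try:
        url = urlsplit(issuer)
        url.port  # raises ValueError on a malformed port
        # Compare the raw string: the issuer is case sensitive, so "HTTPS://" fails.
        if not issuer.startswith("https://") or not url.hostname:
            errors.append("issuer: must be an https URL with a host")
        elif "?" in issuer or "#" in issuer:
            errors.append("issuer: query and fragment components are not allowed")
    except ValueError:
        errors.append("issuer: not a well-formed URL")

    subject = identity.get("subject") or ""
    if not subject:
        errors.append("subject: required")
    elif not subject.isascii():
        errors.append("subject: non-ASCII characters are not valid")
    elif not PREFERRED_SUBJECT.fullmatch(subject):
        warnings.append("subject: not in the preferred form; may appear encoded "
                        "in metrics, diagnostics and UI")

    for key, value in (identity.get("attributes") or {}).items():
        if not key or not value:  # both keys and values have min_len 1
            errors.append(f"attributes: empty key or value at {key!r}")

    return errors, warnings


if __name__ == "__main__":
    print(check_jwt_identity(EXAMPLE))
```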